CVE-2020-15970: Use after free in NFC
Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Credit
Affected Software
Event History
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2020-15967
- CVE-2020-15968
- CVE-2020-15969
- CVE-2020-15971
- CVE-2020-15972
- CVE-2020-15990
- CVE-2020-15991
- CVE-2020-15973
- CVE-2020-15974
- CVE-2020-15975
- CVE-2020-15976
- CVE-2020-6557
- CVE-2020-15977
- CVE-2020-15978
- CVE-2020-15979
- CVE-2020-15980
- CVE-2020-15981
- CVE-2020-15982
- CVE-2020-15983
- CVE-2020-15984
- CVE-2020-15985
- CVE-2020-15986
- CVE-2020-15987
- CVE-2020-15992
- CVE-2020-15988
- CVE-2020-15989
Frequently Asked Questions
What is CVE-2020-15970?
CVE-2020-15970 is a vulnerability in NFC in Google Chrome prior to version 86.0.4240.75 that allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Which software is affected by CVE-2020-15970?
Google Chrome prior to version 86.0.4240.75, Fedora 31, Fedora 32, Fedora 33, openSUSE Backports SLE 15.0-sp2, and Debian Debian Linux 10.0 are affected by CVE-2020-15970.
What is the severity of CVE-2020-15970?
The severity of CVE-2020-15970 is high with a severity score of 8.8.
How can I fix CVE-2020-15970 in Google Chrome?
You can fix CVE-2020-15970 in Google Chrome by updating to version 86.0.4240.75 or later.
Where can I find more information about CVE-2020-15970?
You can find more information about CVE-2020-15970 at the following references: [1] https://security-tracker.debian.org/tracker/CVE-2020-15970, [2] http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html, [3] https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html.